Ubuntu update for ceph

1) Incorrect default permissions

EUVDB-ID: #VU72630

Risk: Low

CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]

CVE-ID: CVE-2022-3650

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to ceph-crash.service runs the ceph-crash Python script with root privileges. The script is operating in the directory /var/lib/ceph/crash which is controlled by the unprivileged ceph user. A local user can inject arbitrary data into the crash dump and force the privileged script to write that file into an arbitrary location on the system, resulting in privilege escalation.

Mitigation

Update the affected package ceph to the latest version.

Vulnerable software versions

Ubuntu: 23.04

ceph-common (Ubuntu package): before 17.2.6-0ubuntu0.23.04.2

ceph-base (Ubuntu package): before 17.2.6-0ubuntu0.23.04.2

ceph (Ubuntu package): before 17.2.6-0ubuntu0.23.04.2

CPE2.3

• cpe:2.3:o:canonical:ubuntu:23.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ceph-common_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:ceph-base_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:ceph_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6292-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.